IV for EFS' symmetric algorithm?!?
Next message: lelteto: "Re: HCRYPTKEY from actual key bytes"
Date: Wed, 22 Jun 2005 15:42:54 +0300
Hello,
I need to decrypt manually a file that was encrypted by EFS. For this I
retrieved the LOGGED_UTILITY_STREAM NTFS attribute of the file (names $EFS),
parsed it into DDF and DRF records, and for one of these records I
successfully decrypted the FEK (file encryption key).
Thus, I have a HCRYPTKEY build from the decrypted FEK. This is supposed to
decrypt the file's content., And it does. Except, the very first 16 bytes
and then this repeats at every 2KB, the data does not decrypt OK.
The algorithm is in CBC mode. This means that I am not supplying the correct
IV for it. Can anyone tell me where does EFS store the IV for the symmetric
algorithm?
Regards,
Levente
Next message: lelteto: "Re: HCRYPTKEY from actual key bytes"
Relevant Pages
- Re: Byte array to string and back - newbie question
... // Create a symmetric algorithm. ... This is done to make encryption more ... // Encrypt a string into a string using a password ... // Decrypt a byte array into a byte array using a key and an IV ...
(microsoft.public.dotnet.framework.aspnet.security) - Re: EFS Recover Agents Unable to decrypt files
... Permissions were checked to make sure that the EFS RA had full ... The EFS RA imported it's EFS RA certificate from storage in a secure ... I tried to decrypt the file after only importing the ... a special recovery key is created with the encryption process. ...
(microsoft.public.win2000.file_system) - Re: Recover encrypted file?
... If it can decrypt, it will tell you that it only decrypts ... Since your computer's and users' SIDs changed your EFS private key will no ... want to buy the full version for $99 to try and recover your files. ... > that encryption keys must be backed up separately from a normal backup (which ...
(microsoft.public.windowsxp.security_admin) - Re: Theoretical
... and you're trying to determine the algorithm ... > and either recover the encryption key or at least decrypt one or more ... > of the remaining ciphertexts. ... you won't be able to decrypt ...
(sci.crypt) - Re: Decrypting a data protected by ProtectedData.Protect() on another PC.
... I just used Protect() and Unprotect, ... machine so that the algorithm actually uses part of the machine to encrypt ... and decrypt meaning that you can't decrypt from another machine. ... encryption needs which manages some of the issues for you automatically. ...
(microsoft.public.dotnet.languages.csharp) |
|
